Post on 24-Sep-2020
Block
Message
Encryption
The hacker selects the attack method
With very simple step-by-step tools, the hacker can quickly assemble his own ransomware. He rewards the provider of this service by paying him a 25% commission on transactions made through the campaign.
then drafts the message
Your private data is encrypted
Your workstation has just been locked. To retrieve your data,
The code is ready to be used
Step 1
Customization
Step 3
Distribution
The service prepares the malware
according to the choices indicated
Countdown
Step 2
Creation
AS A SERVICE?
HOW DOES IT WORK?
The creation of malicious code is no longer the talent of a
privileged handful. Currently, anyone can do it as the
generation of malicious code is available as a service on the
Dark Web. As a matter of fact, threats will increase sharply in
the coming months.
and provides
payment information
Ransomware: Many victims, few solutions
Stormshield Endpoint Security
This proactive protection prevents malicious software from running on your computer and/or exploiting vulnerabilities (through an exploit kit).
Stormshield Endpoint Security with its proactive
malicious behavior identification technology allows
blocking most ransomware programs even before they are
identified as such by the cybersecurity community.
Further information:
www.stormshield.eu/endpoint-protection
FOR REAL PROTECTION,
THERE IS A PROACTIVE SOLUTION
COLLABORATIVE SECURITY
Stormshield, a fully-owned
subsidiary of Airbus Defence and
Space, offers innovative end-to-end
security solutions to protect:
Networks (Stormshield Network Security),
Computers (Stormshield Endpoint Security)
Data (Stormshield Data Security).
www.stormshield.eu
Copyright Stormshield 2016
Regularly perform backups.
Be wary of suspicious emails with attachments or from
dubious websites.
Update your applications, plugins and operating
systems.
SOLUTIONS TO COUNTER RANSOMWARE
SOME INDISPENSABLE ADVICE
To protect yourself from ransomware
Created by Joseph Popp in 1989
HERE WE GO!
The ransomware will use multiple methods to spread such as paying for an exploit kit in order to exploit
a vulnerability.
...
2012: 120,000 RANSOMWARE
VS
2015: 18,000,000+ RANSOMWARE
x150
CREATE YOUR OWN RANSOMWARE WITHOUT TECHNICAL KNOWLEDGE
RANSOMWARE AS A SERVICE
OBSERVATION
Such attacks are constantly on the rise (new attacks or variants)
... GPcode (.AG, .AK), Magnitude, TROJ.RANSOM.A, Archiveus, Krotten, RSA4096, Cerber,
Cryzip, MayArchive, Petya, CryptoLocker, TorrentLocker, Cryptowall, TeslaCrypt,
Locky Ransomware, KeRanger, CTB-Locker, WinLock, Reveton, Winwebsec ...
AN ACTIVE AND VARIED FAMILY
COMPLEXITY OF ENCRYPTION
Ransomware has become harder and harder to decrypt, shrinking chances of getting back data without having to pay the ransom demanded.
In a very short time, encryption keys have grown considerably both in size and in strength.
2006: 660 bits
2008: 1,024 bits
COMMUNITY OF HACKERS
Various ransomware campaigns are no longer carried out by a single group but by several groups of people.
ALL OF US ARE AFFECTED
Private users & organizations of all sizes and sectors
KERANGER: THE FIRST RANSOMWARE TARGETING MAC OS X SYSTEMS (2016)
CTB-LOCKER (VARIANT) TARGETS WEB SERVERS IN GNU/LINUX
CAMPAIGNS ARE TARGETED
A striking example: Locky
Targeting corporations, Locky spread through malicious email campaigns (emails containing false invoices, bearing an Operator logo, etc).
Customized emails made it all the more effective.
All OSs affected
THE NEW JIGSAW THREAT
Ransomware has come a long way in sophistication, and new techniques keep appearing. The latest to date is Jigsaw, ransomware with a countdown.
If 150 USD worth of Bitcoins are not purchased within the time limit given, a countdown will begin to delete files on the victim's computer whenever the counter reaches 0.
In this way, the user, held in a stressful state and with little time to think clearly, will prefer to pay the ransom.
VARIOUS METHODS
NOTIFICATION POP-UP
A message appears urging the user to reactivate the operating system (e.g. Windows Product Activation) or to install an update (e.g. Transmission software on OSX).
Unsuspectingly, the user will click on the invitation without further verification and as such set off the attack which in several seconds will encrypt all his private data or part of the operating system.
PLAYING ON FEARS
Certain ransomware programs do not encrypt data, but misuse legal authority to extort from users by displaying pornography or child pornography.
To unlock their workstations, users need to send an SMS to a toll number. Such scams allegedly reaped about 14 million Euros.
ANDROID, A MASSIVE CHALLENGE. Telephones today are no longer just telephones - our address book and all related information (contacts, numbers, addresses, birthdays, etc), messages, notes, photos and even applications are stored on them. Imagine their potential for hackers.
Having recently made its appearance, Dogspectus is a ransomware program that holds information hostage on Android smartphones in versions below version 4.4.
TELEPHONES ARE UNDER THREAT
- RANSOMWARE DOES NOT ONLY SPREAD BY EMAIL -
Multiple infection vectors
• compromised or malicious websites,
• a USB key,
• a software/application installation from an unreliable source,
• social networks (which facilitate social engineering), etc.
YOU PAY UP
YOU DON'T PAY UP
YOU RECEIVE THE DECRYPTION KEY
YOU ARE CAUTIOUS, SO YOU DON'T OPEN THE ATTACHMENT
YOU MAY RECEIVE YOUR DATA - OR NOT
ILLUSTRATION OF A SIMPLE ATTACK
SPREAD OF RANSOMWARE BY EMAIL
Name: PC Cyborg Trojan.
Modus Operandi: Issued warnings that the software license has expired
Ransom demanded: 189$
THE CROOK GETS YOUR MONEY
Ransomware.
Rebirth of a lucrative attack
Over the past few months, we have been witnessing a boom in ransomware attacks. With attacks such as Cryptolocker or the more recent Petya, ransomware has been under the media spotlight due to its lucrative side as well as how quickly and devastatingly it spreads.
In a few words
Ransomware is malicious software that holds private data hostage.
Such malware encrypts private data, and through a message, demands that the owner sends money in exchange for the key that would allow decrypting the data.
EMERGENCE OF THE FIRST RANSOMWARE
2 types of ransomware:
First category: Classic "police" ransomware that freezes your
browsers (called Browlock) or completely paralyzes your computer.
The second, increasingly widespread and probably the more
nefarious, includes crypto-ransomware or "cryptoware". Malicious
software of this kind will encrypt documents stored on your
computer, making them unreadable without the decryption key held
by the hacker who will then demand a ransom in exchange for this
key.